Lucene search
K
MageiaRecent

6012 matches found

Mageia
Mageia
•added 2017/09/21 1:43 p.m.•42 views

Updated bluez packages fix security vulnerability

An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol SDP. A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information...

6.5CVSS2.6AI score0.07774EPSS
Exploits3References3
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•68 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References8
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•28 views

Updated 389-ds-base packages fix security vulnerability

The directory server password lockout policy prevents binds from operating once a threshold of failed passwords has been met. During this lockout, if you bind with a successful password, a different error code is returned. This means that an attacker has no ratelimit or penalty during an account...

9.8CVSS1.6AI score0.01418EPSS
Exploits1References2
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•31 views

Updated mpg123 packages fix security vulnerabilities

mpg123 version 1.25.6 fix two buffer overflows, and several other non-security bugs...

5.5CVSS4.2AI score0.0119EPSS
Exploits0References3
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•56 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local use...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References8
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•56 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-öinus update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References7
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•47 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.9.50 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users t...

8.8CVSS3.5AI score0.16181EPSS
Exploits12References8
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•55 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local users t...

8.8CVSS3.5AI score0.16181EPSS
Exploits12References7
Mageia
Mageia
•added 2017/09/16 8:24 a.m.•81 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.88 and fixes at least the following security issues: net/xfrm/xfrmpolicy.c in the Linux kernel through 4.12.3, when CONFIGXFRMMIGRATE is enabled, does not ensure that the dir value of xfrmuserpolicyid is XFRMPOLICYMAX or less, which allows local use...

8.8CVSS3.7AI score0.16181EPSS
Exploits12References7
Mageia
Mageia
•added 2017/09/14 6:21 p.m.•41 views

Updated libsndfile packages fix security vulnerability

It was discovered that a Heap-based Buffer Overflow in the psfbinheaderwritef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

9.8CVSS6.6AI score0.03978EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/14 6:21 p.m.•30 views

Updated flash-player-plugin packages fix security vulnerability

Adobe Flash Player 27.0.0.130 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update addresses two memory corruption vulnerabilities that could lead to code execution CVE-2017-11281...

9.8CVSS5.7AI score0.34848EPSS
Exploits8References2
Mageia
Mageia
•added 2017/09/10 12:36 p.m.•13 views

Updated bzr packages fix security vulnerability

Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a bazaar repository URL that when accessed could run arbitrary code with the privileges of the user...

1.8AI score
Exploits0References2
Mageia
Mageia
•added 2017/09/10 12:36 p.m.•27 views

Updated libgcrypt packages fix security vulnerability

It was discovered that libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key...

7.5CVSS3.1AI score0.0351EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/10 12:36 p.m.•42 views

Updated libarchive packages fix security vulnerability

Heap-based buffer overflow in xmldata in archivereadsupportformatxar.c CVE-2017-14166...

6.5CVSS3.5AI score0.03341EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/10 12:36 p.m.•49 views

Updated tcpdump packages fix security vulnerabilities

Summary for 4.9.2 tcpdump release Do not use getprotobynumber for protocol name resolution. Do not do any protocol name resolution if -n is specified. Improve errors detection in the test scripts. Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. Clean up IS-IS printing. Fix buffer...

9.8CVSS0.5AI score0.06196EPSS
Exploits3References1
Mageia
Mageia
•added 2017/09/07 9:7 a.m.•34 views

Updated groovy18 packages fix security vulnerability

When an application has Groovy on the classpath and that it uses standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications whi...

9.8CVSS9.2AI score0.42983EPSS
Exploits4References3
Mageia
Mageia
•added 2017/09/07 9:7 a.m.•60 views

Updated mariadb packages fix security vulnerabilities

Easily exploitable vulnerability in MariaDB Server allows low privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB...

5.3CVSS4.1AI score0.03198EPSS
Exploits0References3
Mageia
Mageia
•added 2017/09/07 9:7 a.m.•46 views

Updated libxdmcp packages fix security vulnerability

XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...

6.5CVSS1.7AI score0.00534EPSS
Exploits3References2
Mageia
Mageia
•added 2017/09/07 9:7 a.m.•50 views

Updated mercurial package fixes security vulnerabilities

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...

10CVSS3AI score0.05734EPSS
Exploits1References2
Mageia
Mageia
•added 2017/09/03 3:11 p.m.•38 views

Updated poppler packages fix security vulnerabilities

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler allows attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PDF document CVE-2017-9776. The function GfxImageColorMap::getGray in GfxState.cc in...

7.8CVSS5.1AI score0.01999EPSS
Exploits0References2
Mageia
Mageia
•added 2017/09/03 2:31 p.m.•49 views

Updated rt/perl-Encode packages fix security vulnerability

RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket CVE-2012-4733. RT 3.8.0 and above include a version of bin/rt th...

8.8CVSS9.2AI score0.02825EPSS
Exploits0References5
Mageia
Mageia
•added 2017/09/03 2:31 p.m.•29 views

Updated samba packages fix security vulnerability

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks CVE-2017-11103. The samba package has been updated...

8.1CVSS3.9AI score0.05118EPSS
Exploits0References5
Mageia
Mageia
•added 2017/09/03 2:31 p.m.•43 views

Updated botan packages fix security vulnerability

Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate CVE-2017-2801...

9.8CVSS3AI score0.01317EPSS
Exploits2References3
Mageia
Mageia
•added 2017/09/03 2:31 p.m.•37 views

Updated wireshark packages fix security vulnerability

The wireshark package has been updated to version 2.2.9, which fixes a few security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

7.5CVSS3.1AI score0.02012EPSS
Exploits0References6
Mageia
Mageia
•added 2017/09/01 9:10 p.m.•64 views

Updated iceape packages fix security vulnerabilities

Updated Iceape packages include security fixes from upstream Seamonkey: Multiple flaws were found in the way Iceape 2.46 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose sensitive...

9.8CVSS2.8AI score0.33199EPSS
Exploits40References6
Mageia
Mageia
•added 2017/09/01 9:10 p.m.•14 views

Updated wireshark packages fix security vulnerabilities

The wireshark package has been updated to version 2.0.15, which fixes a couple security issues where a malformed packet trace could cause it to crash or go into an infinite loop, and fixes several other bugs as well. See the release notes for details...

3.2AI score
Exploits0References5
Mageia
Mageia
•added 2017/09/01 9:10 p.m.•53 views

Updated botan packages fix security vulnerabilities

While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow does not seem to lead to any obviously exploitable condition, but exploitation cannot be positively ruled out. Only 32-bit platforms are like...

9.8CVSS3.2AI score0.01978EPSS
Exploits2References4
Mageia
Mageia
•added 2017/09/01 9:10 p.m.•47 views

Updated apache-commons-email packages fix security vulnerability

In apache-commons-email before 1.5, when a call-site passes a subject for an email that contains line-breaks, the caller can add arbitrary SMTP headers CVE-2017-9801...

7.5CVSS2.3AI score0.06036EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/29 8:36 p.m.•65 views

Updated libgit2 packages fix security vulnerabilities

Read out-of-bounds in gitoidnfmt CVE-2016-8568. DoS using a null pointer dereference in gitcommitmessage CVE-2016-8569. Insufficient sanitization allows some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer CVE-2016-10128, CVE-2016-10129...

9.8CVSS2.5AI score0.03922EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/29 8:36 p.m.•49 views

Updated gstreamer0.10-plugins-base and gstreamer1.0-plugins-base packages fix security vulnerabilities

Denial of service in GStreamer base plugins can be caused by floating point exceptions CVE-2017-5837, CVE-2017-5844, stack overflow CVE-2017-5839, or out-of-bounds heap read CVE-2017-5842. Note that GStreamer 0.10 was only affected by the floating point exceptions...

7.5CVSS2.8AI score0.0448EPSS
Exploits0References3
Mageia
Mageia
•added 2017/08/28 10:48 p.m.•48 views

Chromium-browser 60.0.3112.101 fixes security issues

Multiple flaws were found in the way Chromium 57 processes various types of web content, where loading a web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information. CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060,...

8.8CVSS1.9AI score0.31212EPSS
Exploits1References11
Mageia
Mageia
•added 2017/08/28 10:48 p.m.•31 views

Updated libgxps packages fix security vulnerability

There is a NULL pointer dereference in the caselesshash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a denial of service attack CVE-2017-11590...

7.5CVSS3.5AI score0.01534EPSS
Exploits1References2
Mageia
Mageia
•added 2017/08/28 8:14 a.m.•34 views

Updated postgresql9.3/4/6 packages fix security vulnerabilities

libpq, and by extension any connection driver that utilizes libpq, ignores empty passwords and does not transmit them to the server. When using libpq or a libpq-based connection driver to perform password-based authentication methods, it would appear that setting an empty password would be the...

9.8CVSS0.9AI score0.61566EPSS
Exploits0References5
Mageia
Mageia
•added 2017/08/28 8:14 a.m.•17 views

Updated kmail(kdepimlibs4) packages fix security vulnerability and bugs

The kdepimlibs4, kdepim4, kdepim4-runtime, and akonadi packages have been updated to include the latest bug fixes from upstream. This includes a fix for an issue where the Send Later function in kmail would cause an e-mail that had been designated to be sent encrypted would be sent in plain text...

1.4AI score
Exploits0References3
Mageia
Mageia
•added 2017/08/26 9:17 p.m.•15 views

Updated libmodplug packages fix security vulnerabilities

libmodplug 0.8.9.0 fixes various out-of-bounds read and write errors as well as divide-by-zero issues...

3.8AI score
Exploits0References2
Mageia
Mageia
•added 2017/08/26 9:17 p.m.•24 views

Updated miniupnpc packages fix security vulnerability

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library CVE-2017-8798...

9.8CVSS3.6AI score0.24027EPSS
Exploits6References2
Mageia
Mageia
•added 2017/08/26 9:17 p.m.•34 views

Updated flash-player-plugin packages fix security vulnerabilities

This update upgrades Flash Player to version 26.0.0.151. Security Fixes: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF fil...

9.3CVSS2.1AI score0.22311EPSS
Exploits3References1
Mageia
Mageia
•added 2017/08/26 8:35 p.m.•49 views

Updated groovy and groovy18 packages fix security vulnerability

It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization an...

9.8CVSS4AI score0.17239EPSS
Exploits1References3
Mageia
Mageia
•added 2017/08/26 8:35 p.m.•16 views

Updated dbus packages fix security vulnerabilities

A format string vulnerability in the reference bus implementation, dbus-daemon, could potentially allow local users to cause arbitrary code execution or denial of service. Symlink attack in nonce-tcp transport bsc1025950. Symlink attack in unit tests bsc1025951...

5.5AI score
Exploits0References3
Mageia
Mageia
•added 2017/08/25 9:53 p.m.•49 views

Updated kernel-linus packages fixes security and other bugs

This kernel-linus update is based on upstream 4.4.82 and fixes at least the following security issues: The curseg-segno call in f2fs driver can be malformed so that it will have a value that triggers an out of boundary write that could cause memory corruption on the affected devices, leading to...

7.8CVSS2.2AI score0.20797EPSS
Exploits19References4
Mageia
Mageia
•added 2017/08/25 8:35 p.m.•37 views

Updated heimdal packages fix security vulnerability

Transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2 CVE-2017-6594. Note, this may break sites that rely on the bug. With the bug some...

7.5CVSS1.6AI score0.01759EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/25 8:35 p.m.•38 views

Updated libice packages fix security vulnerability

libICE depends on arc4random to generate the session cookies, thereby using a weak mechanism to generate entropy CVE-2017-2626...

5.5CVSS1.4AI score0.0046EPSS
Exploits2References2
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•40 views

Updated xmlsec1 packages fix security vulnerability

It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion XXE along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service CVE-2017-1000061...

7.1CVSS2.2AI score0.01341EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•25 views

Updated gstreamer1.0 packages fix security vulnerability

A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption CVE-2017-5838...

7.5CVSS2.8AI score0.04574EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•19 views

Updated augeas packages fix security vulnerability

A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution CVE-2017-7555...

9.8CVSS2.1AI score0.05002EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•57 views

Updated unrar packages fix security vulnerabilities

Directory traversal issue in UnRAR before 5.5.7 CVE-2017-12938. libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function CVE-2017-12940. libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack2...

9.8CVSS5AI score0.0357EPSS
Exploits4References3
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•54 views

Updated thunderbird packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2017-7779, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753,...

10CVSS4.1AI score0.04187EPSS
Exploits13References4
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•25 views

Updated perltidy packages fix security vulnerability

perltidy relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink CVE-2016-10374...

5.5CVSS3.7AI score0.0032EPSS
Exploits0References2
Mageia
Mageia
•added 2017/08/24 9:18 p.m.•65 views

Updated unrar packages fix security vulnerabilities

VMSFDELTA memory corruption CVE-2012-6706. Directory traversal issue in UnRAR before 5.5.7 CVE-2017-12938. libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function CVE-2017-12940. libunrar.a in UnRAR before 5.5.7 has a...

10CVSS5.3AI score0.10027EPSS
Exploits8References4
Mageia
Mageia
•added 2017/08/24 7:52 a.m.•15 views

Updated openjpeg2 packages fix security vulnerabilities

Patches from upstream have been added to fix two heap-based buffer overflows and a memory allocation failure...

2.7AI score
Exploits0References4
Total number of security vulnerabilities6012